AWS Certified Solutions Architect – Associate Questions and Answers (Dumps and Practice Questions)
Question : Which of the following permissions can be implemented using IAM?
A. Installing Anti-virus on windows based EC2 instance
B. Launching new Amazon EC2 Instance
C. Query the data from Amazon MySQL RDS instance
D. Sending Cloud watch alarm to SNS queue and from there on mobile application.
1. A,B
2. B,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D
5. B,D
Correct Answer : Get Lastest Questions and Answer :
Explanation: : Please keep in mind AWS IAM policy can only be used to authorize a Principal, what he can do with the AWS resources and not
for OS or application user.
Hence, Installing Anti-virus on windows machine require OS user and not IAM user. Similarly querying data from RDS instance can be govern by the user
created in Database instance, it has nothing to do with the AWS resources.
Question : You are working with a Big Finance company, who is using AWS IT infrastructure. However, there are many issues related to security and your
chief technical architect asked you implement following things. Which of the following you can have as part of IAM security policy
A. Implementing password policies
B. Enable Multi Factor Authentication
C. Enabling NACL to restrict access on private subnet
D. Creating proper security rules insecurity group
1. A,B
2. B,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D
5. B,D
Correct Answer : Get Lastest Questions and Answer :
Explanation: : In the given option NACL and Security Group has nothing to do with IAM policy. They are related to network security. You can
implement password change policy and enable MFA using IAM.
Question : You are working under AWS chief technical architect and he suggested that you should always use IAM roles and not the Principal Credential
directly, what are the all benefits you see in this case?
A. When you use IAM Role, you are not worried about credential theft or miss use.
B. When you use IAM Role, you don’t have to regularly rotate the access keys.
C. All the AWS Access resource policies are not required to be created.
D. You can very easily integrate with Kerberos for authentication
1. A,B
2. B,C
3. Access Mostly Uused Products by 50000+ Subscribers
4. A,D
5. B,D
Correct Answer : Get Lastest Questions and Answer :
Explanation: When you create IAM Role, you don’t have to store Principal Credential in any of the configuration files. Based on Assume Roles
an application or principal can access the AWS resources. Also, there are no access keys in case of IAM Role, hence you don’t have to rotate them. But
policies certainly you have to create to define what role can do and cannot do. There is no need of Kerberos authentication with the IAM Principals and
Roles.
Related Questions
Question : You have developed a new web application in us-west- that requires six Amazon Elastic Compute Cloud (EC) instances running at all times. You
have three availability
zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2
becomes unavailable. How
would you do this, each answer has 2 answers, select the answer with BOTH correct answers.
Question : You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add?
1. Destination: 192.168.1.258/0 --> Target: your Internet gateway
2. Destination: 0.0.0.0/33 --> Target: your virtual private gateway
3. Access Mostly Uused Products by 50000+ Subscribers
4. Destination: 0.0.0.0/0 --> Target: your Internet gateway
Question : You have a VPC that has a public subnet and in this subnet you have EC instance. These EC instances can successfully communicate with
other computers on the
internet. You launch a 4th instance in the same subnet using the same AMI and security group configurations as you used for the others, however you find
that this instance cannot be
accessed from the internet. What should you do to enable internet access.
1. Modify the routing table for the public subnet to allow a route out for the new instance.
2. Assign an elastic IP address to the fourth instance.
3. Access Mostly Uused Products by 50000+ Subscribers
4. Configure a publically routable IP address in the host OS of the fourth instance.
Question : You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for
reconfiguration? Choose 2 answers
A. Create an ELB to reroute traffic to a failover instance
B. Create a secondary ENI that can be moved to a failover instance
C. Use Route53 health checks to fail traffic over to a failover instance
D. Assign a secondary private IP address to the primary ENI that can be moved to a failover instance
1. A,B
2. A,D
3. Access Mostly Uused Products by 50000+ Subscribers
4. C,D
5. A,C
Question :
An Auto Scaling activity has started two instances simultaneously. The cool down period for the Auto Scaling group is 7 minutes.
The first instance is launched after 3 minutes, while the second instance is launched after 4 minutes.
After how many minutes will Auto Scaling accept another scaling activity request?
1. 10 minutes
2. 7 minutes
3. Access Mostly Uused Products by 50000+ Subscribers
4. 11 minutes
Question :
In CloudFormation Template, in the Resources section, you might declare a security group resource with
the logical name "HighRestriction". Elsewhere in another resource declaration,
you can use __________ as the value for another resource's property.
1. "logicalID" : "HighRestriction"
2. "PhysicalID" : "HighRestriction"
3. Access Mostly Uused Products by 50000+ Subscribers
4. "Map" : "HighRestriction"